Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » Computer & Internet » Problemi Informatici » il computer non risponde e devo staccare per forza la spina

il computer non risponde e devo staccare per forza la spina Opzioni
Topic Precedente · Topic Sucessivo
morganito
Inviato: Tuesday, March 01, 2011 4:15:28 PM

Rank: AiutAmico

Iscritto dal : 7/28/2010
Posts: 52
Ciao ho bisogno di una mano,è qualche giorno che il mio pc non funziona bene , mi spiego meglio : si blocca la schermata i tasti non funzionano e sulle finestre c'è scritto non risponde quindi devo staccare la spina e farlo ripartire . ho già scansionato il pc con avira e malwarebytes e ho trovato un troyan che ho eliminato ,almeno credo, comunque non è cambiato niente si blocca ancora . vi allego iL di hijack,perchè io non ne capisco un h Think , ringrazio qualunque buon samaritano che riuscirà a darmi una mano Dancing .

Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\User\.................\Program Files\DNA\btdna.exe (HO CANCELLATO IL MIO NOME)
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60429
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - (no file)
R3 - URLSearchHook: BittorrentBar_IT Toolbar - {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - C:\Program Files\BittorrentBar_IT\tbBit1.dll
R3 - URLSearchHook: (no name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
R3 - URLSearchHook: (no name) - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - (no file)
R3 - URLSearchHook: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BittorrentBar_IT Toolbar - {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - C:\Program Files\BittorrentBar_IT\tbBit1.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
O3 - Toolbar: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
O3 - Toolbar: BittorrentBar_IT Toolbar - {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - C:\Program Files\BittorrentBar_IT\tbBit1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\greta giroli\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\greta giroli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\greta giroli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E41B6ABC-1D85-46C3-9B6A-C14B5565B9D3}: NameServer = 193.70.152.25 193.70.192.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Torna in alto
 
Sponsor
Inviato: Tuesday, March 01, 2011 4:15:28 PM

 
Torna in alto
 
francok
Inviato: Wednesday, March 02, 2011 8:29:57 AM

Rank: AiutAmico

Iscritto dal : 7/31/2010
Posts: 35
Non staccare la spina a pc acceso massacri la scheda madre Shame on you

Hai fatto la scansione com MBe avira in " modalità provvisoria" ,e il ripristino "conf.sistema" disattivato?

Più di questo non sprei consigliarti,a parte che: usa solo lunux per navigare e addio virus
Torna in alto
 
himaco
Inviato: Wednesday, March 02, 2011 9:09:05 AM
Rank: AiutAmico

Iscritto dal : 12/7/2010
Posts: 269
Ciao Greta.
Dal Log non si evince nulla di che.
Visto che hai già scansionato il PC con MalwareBytes, ti consiglio di passare all'utilizzo di ComboFix, come ultima (o quasi) spiaggia.

Scarica, preferibilmente con Internet Explorer, ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Posiziona ComboFix sul Desktop ed esegui queste operazioni preliminari:
disconnettiti da Internet
● sconnetti, fisicamente, il modem/router dal Computer

E' assolutamente necessario, se attivo:
disattivare l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
disattivare il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix: per lanciare ComboFix su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona di ComboFix e, dal menù contestuale, scegli la voce Esegui come Amministratore
● segui le istruzioni che verranno rilasciate per eseguire la scansione
● verrà richiesta l'installazione della Console di ripristino di emergenza: non la installare
senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● verranno creati alcuni file sul Desktop e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall, se attivo, potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer, qualora già non fosse presente

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo tu
● ricollega, fisicamente, il modem/router al Computer
connettiti a Internet
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo
Torna in alto
 
morganito
Inviato: Friday, March 04, 2011 9:50:41 PM

Rank: AiutAmico

Iscritto dal : 7/28/2010
Posts: 52
Ciao Himaco ho fatto come hai detto e credo che il mio pc non abbia niente di grave comunque ti allego il log della scansione se ti va dagli un occhiata e dimmi se devo rimuovere qualche cosa che magari non serve o mi crea problemi ,ti chiedo anche di dirmi se c'è una soluzione migliore dello staccare la spina quando si blocca , io lho lasciato in quello stato anche un intera mattina perchè non volevo staccarla ma dopo quattro ore mi sono stufata e l'ho dovuto fare perchè non founzionava nemmeno la tastiera e il tasto di spegnimento. grazie ancora per laiuto :-)))
Torna in alto
 
morganito
Inviato: Friday, March 04, 2011 9:52:45 PM

Rank: AiutAmico

Iscritto dal : 7/28/2010
Posts: 52
ComboFix 11-03-04.02 - 04/03/2011 20.42.09.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2046.1054 [GMT 1:00]
Eseguito da:
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
ADS - Windows: deleted 48 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\\AppData\Local\qmito.dat
c:\users\\AppData\Local\qmito_nav.dat
c:\users\AppData\Local\qmito_navps.dat
c:\users\\AppData\Local\wkika.dat
c:\users\\AppData\Local\wkika_nav.dat
c:\users\\AppData\Local\wkika_navps.dat
c:\users\\Favorites\Videos.url
c:\users\GRETAG~1\FAVORI~1\Videos.url
c:\windows\system32\winio.vxd
D:\resycled
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-04 al 2011-03-04 )))))))))))))))))))))))))))))))))))
.
.
2011-03-04 20:02 . 2011-03-04 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-04 11:18 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3D43F1B-CFFB-4321-B147-EB2B9911C4A1}\mpengine.dll
2011-03-01 13:33 . 2011-03-04 11:44 -------- d-----w- c:\program files\Onda Connection Manager
2011-02-25 20:59 . 2011-02-25 20:59 -------- d-----w- c:\users\g\AppData\Local\15 Puzzle
2011-02-25 20:58 . 2011-02-25 20:58 -------- d-----w- c:\users\i\AppData\Local\Daily Crossword
2011-02-25 20:45 . 2011-02-25 20:45 -------- d-----w- c:\users\\AppData\Local\WidgetTetra
2011-02-19 12:14 . 2011-02-19 12:14 -------- d-----w- c:\users\\AppData\Local\Real
2011-02-19 12:13 . 2011-02-25 19:21 -------- d-----w- c:\program files\Real
2011-02-13 17:28 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-02-13 17:28 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-02-13 17:28 . 2011-02-13 17:30 -------- d-----w- c:\program files\PDFCreator
2011-02-13 17:28 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 12:13 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-18 20:21 . 2010-06-13 10:29 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-02 16:11 . 2009-10-02 19:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-13 11:28 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-22 19:59 . 2010-06-13 10:29 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-20 17:09 . 2010-09-16 16:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-09-16 16:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-13 11:28 1169408 ----a-w- c:\windows\system32\sdclt.exe
2009-01-24 19:09 . 2009-01-24 19:09 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}"= "c:\program files\BittorrentBar_IT\tbBit1.dll" [2011-02-19 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}]
2011-02-19 12:10 3911776 ----a-w- c:\program files\BittorrentBar_IT\tbBit1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-02-19 12:10 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}"= "c:\program files\BittorrentBar_IT\tbBit1.dll" [2011-02-19 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-02-19 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}"= "c:\program files\BittorrentBar_IT\tbBit1.dll" [2011-02-19 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-02-19 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BitTorrent DNA"="c:\users\greta giroli\Program Files\DNA\btdna.exe" [2009-11-06 323392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_acm.sys [2010-01-27 86016]
R3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_ecm.sys [2010-01-27 49920]
R3 ONDA_MW823UP_cpo;ONDA MW823UP Install;c:\windows\system32\DRIVERS\ONDA_MW823UP_cpo.sys [2010-01-27 9728]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;c:\windows\system32\DRIVERS\ONDA_MW823UP_dc_enum.sys [2010-01-27 80000]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2530241
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\greta giroli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\greta giroli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
FF - ProfilePath - c:\users\greta giroli\AppData\Roaming\Mozilla\Firefox\Profiles\mo44bfcw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: Flash Video Resources Downloader: max@subfighter.com - %profile%\extensions\max@subfighter.com
FF - Ext: Best Security Tips Toolbar: {da30eff8-ccc6-4162-a20d-67402a26a215} - %profile%\extensions\{da30eff8-ccc6-4162-a20d-67402a26a215}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: VideoSurf Videos at a Glance: videosurf_enhanced@videosurf.com - %profile%\extensions\videosurf_enhanced@videosurf.com
FF - Ext: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - %profile%\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Gossiper Toolbar: {0a452a47-c5a8-4854-a237-4b9b06b376f0} - %profile%\extensions\{0a452a47-c5a8-4854-a237-4b9b06b376f0}
FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BittorrentBar_IT Community Toolbar: {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - %profile%\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}
FF - Ext: Softonic-IT Community Toolbar: {e3393495-8103-46a0-8181-270273eddd60} - %profile%\extensions\{e3393495-8103-46a0-8181-270273eddd60}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - CHIAVI ORFANE RIMOSSE - - -
.
URLSearchHooks-{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - (no file)
URLSearchHooks-{22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
URLSearchHooks-{e84cc2c1-b722-48fc-a39c-edb8b525c777} - (no file)
URLSearchHooks-{e3393495-8103-46a0-8181-270273eddd60} - (no file)
BHO-{0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
BHO-{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
Toolbar-{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
Toolbar-{0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
WebBrowser-{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - (no file)
WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file)
WebBrowser-{E84CC2C1-B722-48FC-A39C-EDB8B525C777} - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-04 21:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2011-03-04 21:07:46
ComboFix-quarantined-files.txt 2011-03-04 20:07
. mi ero dimenticata di allegare il log :-))))))))

Pre-Run: 64.561.893.376 byte disponibili
Post-Run: 64.490.917.888 byte disponibili
.
- - End Of File - - 468BE2748E4896A5ED004F5073701E31
Torna in alto
 
wolfestein
Inviato: Saturday, March 05, 2011 5:16:16 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 16,004
morganito ha scritto:
c'è una soluzione migliore dello staccare la spina quando si blocca

Basta tenere premuto per qualche secondo il tasto d'accensione del computer.
Un consiglio metti i log di Hijack,Combofix e Malwarebytes nella sezione Sicurezza virus che è quella preposta per questo genere di cose.
Torna in alto
 
morganito
Inviato: Wednesday, March 16, 2011 11:36:35 PM

Rank: AiutAmico

Iscritto dal : 7/28/2010
Posts: 52
ho giàprovato a tenere premuto l'accensione ma non succede niente è tutto bloccato quando succede. grazie per il consiglio sono nuova e di computer capisco poco
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » Computer & Internet » Problemi Informatici » il computer non risponde e devo staccare per forza la spina


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.